从客户端检测到具有潜在危险的 Request.Form 值 (editor="<div id="header" sty...")
A potentially dangerous Request.Form value was detected from the client (editor="<div id="header" sty...")
首先我应该说我已经关注了下面几乎所有的问题和论坛Post
Whosebug Question 1
Whosebug Question 2
Whosebug Question 3
Whosebug Question 4
Server Error in Application ... A potentially dangerous Request.Form value was detected
Avoiding the ‘A potentially dangerous Request.Form value was detected’
A potentially dangerous Request.Form value was detected from the client in asp.net
所有线程都提到要在 web.config 文件中添加 <httpRuntime requestValidationMode = "2.0" />
或 <pages validateRequest ="false" />
,但这对我不起作用。
一旦我这样做并开始调试,就会出现这种错误
实际上,我正在尝试将 HTML 文件加载到富文本编辑器内容中,然后单击 另存为 PDF 按钮,将富文本编辑器内容保存到PDF 文件
这些是相关的控制器class方法
[ValidateInput(false)]
public ActionResult output_xhtml()
{
PrepairEditor(delegate(Editor editor)
{
editor.LoadHtml("~/example.html");
});
return View();
}
[HttpPost]
[ValidateInput(false)]
public ActionResult output_xhtml(string m)
{
Editor theeditor = PrepairEditor(delegate(Editor editor)
{
});
theeditor.SavePDF("~/aaa.pdf");
return View();
}
PrepairEditor() 方法
protected Editor PrepairEditor(Action<Editor> oninit)
{
Editor editor = new Editor(System.Web.HttpContext.Current, "editor");
editor.ClientFolder = "/richtexteditor/";
editor.ContentCss = "/Content/example.css";
//editor.ClientFolder = "/Content/richtexteditor/";
//editor.ClientFolder = "/Scripts/richtexteditor/";
editor.Text = "Type here";
editor.AjaxPostbackUrl = Url.Action("EditorAjaxHandler");
if (oninit != null) oninit(editor);
//try to handle the upload/ajax requests
bool isajax = editor.MvcInit();
if (isajax)
return editor;
//load the form data if any
if (this.Request.HttpMethod == "POST")
{
string formdata = this.Request.Form[editor.Name];
if (formdata != null)
editor.LoadFormData(formdata);
}
//render the editor to ViewBag.Editor
ViewBag.Editor = editor.MvcGetString();
return editor;
}
//this action is specified by editor.AjaxPostbackUrl = Url.Action("EditorAjaxHandler");
//it will handle the editor dialogs Upload/Ajax requests
[ValidateInput(false)]
public ActionResult EditorAjaxHandler()
{
PrepairEditor(delegate(Editor editor)
{
});
return new EmptyResult();
}
这是PrepairEditor()方法中出错地方的截图
output_xhtml.cshtml 查看文件
<!DOCTYPE html>
<html>
<head>
<title>RichTextEditor - Output XHTML</title>
</head>
<body>
<script type="text/javascript">
var editor;
function RichTextEditor_OnLoad(editor) {
editor = editor;
var content = true;
if (!content) {
setTimeout(function () {
editor.SetText("<table>.....</table>");
}, 1000);
return;
}
}
</script>
<script type='text/javascript'>
function RichTextEditor_OnLoad(editor) {
editor.SetWidth(1150); //Sets the width.
editor.SetHeight(612); //Sets the height.
}
</script>
@using (Html.BeginForm())
{
<div>
@Html.Raw(ViewBag.Editor)
<br />
<button id="btn_sumbit" type="submit" class="btn btn-danger submit">Save as PDF</button>
</div>
<br />
<div>
<h3>
Result html:
</h3>
<div>
@ViewBag._content
</div>
</div>
}
</body>
</html>
因为你路过HTML
在您的方法上方添加:[AllowHtml]
Once I did that and start debugging , getting this kind of error
查看您遇到的错误。您的 web.config 中已有 <httpRuntime />
部分。你不能有两个。不要添加新的,而是更改现有的。
[AllowHtml] 在您的模型而不是控制器方法中继续 属性。它的命名空间是 System.Web.MVC
首先我应该说我已经关注了下面几乎所有的问题和论坛Post
Whosebug Question 1
Whosebug Question 2
Whosebug Question 3
Whosebug Question 4
Server Error in Application ... A potentially dangerous Request.Form value was detected
Avoiding the ‘A potentially dangerous Request.Form value was detected’
A potentially dangerous Request.Form value was detected from the client in asp.net
所有线程都提到要在 web.config 文件中添加 <httpRuntime requestValidationMode = "2.0" />
或 <pages validateRequest ="false" />
,但这对我不起作用。
一旦我这样做并开始调试,就会出现这种错误
实际上,我正在尝试将 HTML 文件加载到富文本编辑器内容中,然后单击 另存为 PDF 按钮,将富文本编辑器内容保存到PDF 文件
这些是相关的控制器class方法
[ValidateInput(false)]
public ActionResult output_xhtml()
{
PrepairEditor(delegate(Editor editor)
{
editor.LoadHtml("~/example.html");
});
return View();
}
[HttpPost]
[ValidateInput(false)]
public ActionResult output_xhtml(string m)
{
Editor theeditor = PrepairEditor(delegate(Editor editor)
{
});
theeditor.SavePDF("~/aaa.pdf");
return View();
}
PrepairEditor() 方法
protected Editor PrepairEditor(Action<Editor> oninit)
{
Editor editor = new Editor(System.Web.HttpContext.Current, "editor");
editor.ClientFolder = "/richtexteditor/";
editor.ContentCss = "/Content/example.css";
//editor.ClientFolder = "/Content/richtexteditor/";
//editor.ClientFolder = "/Scripts/richtexteditor/";
editor.Text = "Type here";
editor.AjaxPostbackUrl = Url.Action("EditorAjaxHandler");
if (oninit != null) oninit(editor);
//try to handle the upload/ajax requests
bool isajax = editor.MvcInit();
if (isajax)
return editor;
//load the form data if any
if (this.Request.HttpMethod == "POST")
{
string formdata = this.Request.Form[editor.Name];
if (formdata != null)
editor.LoadFormData(formdata);
}
//render the editor to ViewBag.Editor
ViewBag.Editor = editor.MvcGetString();
return editor;
}
//this action is specified by editor.AjaxPostbackUrl = Url.Action("EditorAjaxHandler");
//it will handle the editor dialogs Upload/Ajax requests
[ValidateInput(false)]
public ActionResult EditorAjaxHandler()
{
PrepairEditor(delegate(Editor editor)
{
});
return new EmptyResult();
}
这是PrepairEditor()方法中出错地方的截图
output_xhtml.cshtml 查看文件
<!DOCTYPE html>
<html>
<head>
<title>RichTextEditor - Output XHTML</title>
</head>
<body>
<script type="text/javascript">
var editor;
function RichTextEditor_OnLoad(editor) {
editor = editor;
var content = true;
if (!content) {
setTimeout(function () {
editor.SetText("<table>.....</table>");
}, 1000);
return;
}
}
</script>
<script type='text/javascript'>
function RichTextEditor_OnLoad(editor) {
editor.SetWidth(1150); //Sets the width.
editor.SetHeight(612); //Sets the height.
}
</script>
@using (Html.BeginForm())
{
<div>
@Html.Raw(ViewBag.Editor)
<br />
<button id="btn_sumbit" type="submit" class="btn btn-danger submit">Save as PDF</button>
</div>
<br />
<div>
<h3>
Result html:
</h3>
<div>
@ViewBag._content
</div>
</div>
}
</body>
</html>
因为你路过HTML
在您的方法上方添加:[AllowHtml]
Once I did that and start debugging , getting this kind of error
查看您遇到的错误。您的 web.config 中已有 <httpRuntime />
部分。你不能有两个。不要添加新的,而是更改现有的。
[AllowHtml] 在您的模型而不是控制器方法中继续 属性。它的命名空间是 System.Web.MVC